General

Target: d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463.exe
Size: 444KB
Sample: 240520-bmrkrsdb81
MD5: 0c34afe936fecc85fdfa87735bad598d
SHA1: 9e24cc5cbac7c5667e57976d2536375ba25014e3
SHA256: d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463
SHA512: ddd81432a9e829c63dd57126926facb8b57b222632a97aef7b242eedcafb43b9d8f76491d588c6d3caefb2a4e5ea301f3b97be671b4e21aea3356b0a99ec96f7
SSDEEP: 6144:u8INtdy8s24pEts2HnUmPjd3xg5J+J0FfJsd6fADKY0UjuY/PoSTiRVVRupR7vau:u8+s7pEe2HPVm50J0FfbAmbUXbpaRbi
Static task: static1

Behavioral task: behavioral1
Sample: d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted family: redline
Botnet: @Shehqqq6
C2: 147.45.47.93:80
Targets

Target: d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463.exe
Size: 444KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Detects executables (downloaders) containing URLs to raw contents of a paste
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
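The file hashes under General and the C2 endpoint under Malware Config are the indicators a defender can act on directly. The script below is an added example, not part of the sandbox report: it hashes a file on disk with the same four algorithms and compares against the report's values, and it extracts destination ip:port pairs from firewall/proxy log lines and flags any that hit the C2. The log lines and the file contents are constructed here for illustration; the hash and C2 values are the ones on the page. (SSDEEP is omitted because it needs the third-party ssdeep module.)

```python
"""Check files and log lines against the IOCs from this RedLine report.

Added example, not part of the sandbox report. IOC values are copied from the
page; the log lines and the test file are constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the report (sample d15d1e54...exe, 444KB).
SAMPLE_HASHES = {
    "md5": "0c34afe936fecc85fdfa87735bad598d",
    "sha1": "9e24cc5cbac7c5667e57976d2536375ba25014e3",
    "sha256": "d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463",
    "sha512": "ddd81432a9e829c63dd57126926facb8b57b222632a97aef7b242eedcafb43b9d"
              "8f76491d588c6d3caefb2a4e5ea301f3b97be671b4e21aea3356b0a99ec96f7",
}
C2_HOST = "147.45.47.93"
C2_PORT = 80


def hash_bytes(data):
    """Hex digests of an in-memory blob for every algorithm in SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path):
    """Same digests for a file, read in 1 MiB chunks so large files do not fill memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(digests):
    """Return the algorithms whose digest equals the report's value (empty list = no hit)."""
    return sorted(a for a, v in digests.items() if SAMPLE_HASHES[a] == v.lower())


# Destination endpoint in two constructed log formats: "-> ip:port" and "dst=ip dport=port".
_ENDPOINT_RE = re.compile(
    r"(?:->\s*|dst=)(\d{1,3}(?:\.\d{1,3}){3})(?::|\s+dport=)(\d{1,5})"
)


def scan_log(lines, host=C2_HOST, port=C2_PORT):
    """1-based numbers of the lines whose destination is exactly host:port."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _ENDPOINT_RE.search(line)
        if m and m.group(1) == host and int(m.group(2)) == port:
            hits.append(n)
    return hits


# Constructed log lines (not from the report). Lines 2 and 3 are near misses on purpose:
# a different host sharing a prefix, and the right host on another port.
SAMPLE_LOG = [
    "2024-05-20T01:22:10Z host01 TCP 10.0.0.12:51234 -> 147.45.47.93:80 ALLOW",
    "2024-05-20T01:22:11Z host01 TCP 10.0.0.12:51235 -> 147.45.47.9:80 ALLOW",
    "2024-05-20T01:22:12Z host02 TCP 10.0.0.13:51100 -> 147.45.47.93:443 ALLOW",
    "2024-05-20 01:22:13 fw src=10.0.0.14 dst=147.45.47.93 dport=80 action=allow",
]


def demo():
    """Hash a constructed file and scan the constructed log; returns (hash hits, log hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "suspect.exe"
        p.write_bytes(b"MZ" + b"\x00" * 64)  # constructed stand-in, not the real sample
        hash_hits = matches_sample(hash_file(p))
    return hash_hits, scan_log(SAMPLE_LOG)


if __name__ == "__main__":
    print(demo())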